diff --git a/Configuration/OpenIddictSetup.cs b/Configuration/OpenIddictSetup.cs index 34d4577..7ed5834 100644 --- a/Configuration/OpenIddictSetup.cs +++ b/Configuration/OpenIddictSetup.cs @@ -17,19 +17,10 @@ public static class OpenIddictSetup services.Configure(options => { - // Configure Identity to use the same JWT claims as OpenIddict instead - // of the legacy WS-Federation claims it uses by default (ClaimTypes), - // which saves you from doing the mapping in your authorization controller. options.ClaimsIdentity.UserNameClaimType = OpenIddictConstants.Claims.Name; options.ClaimsIdentity.UserIdClaimType = OpenIddictConstants.Claims.Subject; options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role; options.ClaimsIdentity.EmailClaimType = OpenIddictConstants.Claims.Email; - - // Note: to require account confirmation before login, - // register an email sender service (IEmailSender) and - // set options.SignIn.RequireConfirmedAccount to true. - // - // For more information, visit https://aka.ms/aspaccountconf. options.SignIn.RequireConfirmedAccount = false; }); @@ -56,7 +47,6 @@ public static class OpenIddictSetup options.SetIssuer(configuration["OpenIddict:Issuer"] ?? "http://localhost:5132"); options.SetAuthorizationEndpointUris("connect/authorize") - //.SetDeviceEndpointUris("connect/device") .SetIntrospectionEndpointUris("connect/introspect") .SetEndSessionEndpointUris("connect/endsession") .SetTokenEndpointUris("connect/token") @@ -68,14 +58,11 @@ public static class OpenIddictSetup .AllowClientCredentialsFlow() .AllowRefreshTokenFlow(); - options.AddDevelopmentEncryptionCertificate() .AddDevelopmentSigningCertificate(); - options.DisableAccessTokenEncryption(); - options.RegisterScopes(OpenIddictConstants.Scopes.OfflineAccess, OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile, OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Permissions.Scopes.Roles, 
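Review bot: Dropping the comment above `options.ClaimsIdentity.UserNameClaimType` and the note before `options.SignIn.RequireConfirmedAccount = false;` leaves two deliberate choices undocumented while the code itself is unchanged: the claim-type remapping now reads as arbitrary, and sign-in for unconfirmed accounts looks like an oversight rather than a decision. Keep at least a one-line rationale for each, e.g. `// Map Identity's claim types onto the OpenIddict (JWT) claim names so issued tokens need no translation` and `// Unconfirmed accounts may sign in; set this to true (and register an IEmailSender) before account confirmation is relied on`. The `services.Configure(...)` call and its enclosing method start outside this hunk, so I cannot see whether a replacement explanation was added elsewhere.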
@@ -92,6 +79,8 @@ public static class OpenIddictSetup
                 .EnableTokenEndpointPassthrough()
                 .EnableUserInfoEndpointPassthrough()
                 .EnableStatusCodePagesIntegration();
+
+            options.SetAccessTokenLifetime(TimeSpan.FromHours(24));
         });
     }
diff --git a/Data/ApplicationDbContext.cs b/Data/ApplicationDbContext.cs
index 04f5eab..b5d9b46 100644
--- a/Data/ApplicationDbContext.cs
+++ b/Data/ApplicationDbContext.cs
@@ -4,13 +4,9 @@ using Microsoft.EntityFrameworkCore;
 namespace Fengling.AuthService.Data;
-public class ApplicationDbContext : IdentityDbContext
+public class ApplicationDbContext(DbContextOptions options)
+    : IdentityDbContext(options)
 {
-    public ApplicationDbContext(DbContextOptions options)
-        : base(options)
-    {
-    }
-
     public DbSet Tenants { get; set; }
     public DbSet AccessLogs { get; set; }
     public DbSet AuditLogs { get; set; }
diff --git a/Data/SeedData.cs b/Data/SeedData.cs
index 8e1d900..43a49ed 100644
--- a/Data/SeedData.cs
+++ b/Data/SeedData.cs
@@ -187,5 +187,23 @@ public static class SeedData
             await applicationManager.CreateAsync(descriptor);
         }
+
+        var resourceServerClient = await applicationManager.FindByClientIdAsync("fengling-api");
+
+        if (resourceServerClient == null)
+        {
+            var resourceDescriptor = new OpenIddictApplicationDescriptor
+            {
+                ClientId = "fengling-api",
+                ClientSecret = "fengling-api-secret",
+                DisplayName = "Fengling API",
+                Permissions =
+                {
+                    OpenIddictConstants.Permissions.Endpoints.Introspection
+                }
+            };
+
+            await applicationManager.CreateAsync(resourceDescriptor);
+        }
     }
 }
diff --git a/Migrations/ApplicationDbContextModelSnapshot.cs b/Migrations/ApplicationDbContextModelSnapshot.cs
index 24d7c3b..b7fb39f 100644
--- a/Migrations/ApplicationDbContextModelSnapshot.cs
+++ b/Migrations/ApplicationDbContextModelSnapshot.cs
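Review bot: `options.SetAccessTokenLifetime(TimeSpan.FromHours(24))` makes every access token valid for a full day, which is a long replay window for a bearer credential and far longer than OpenIddict's one-hour default. The server already calls `AllowRefreshTokenFlow()` in an earlier hunk of this file, so clients can keep a long session by refreshing rather than by holding a long-lived access token; a short access lifetime with the refresh token governing session length gives the same user experience with less exposure. If a 24-hour session is the actual requirement, I would change the line to `options.SetAccessTokenLifetime(TimeSpan.FromMinutes(30));` followed by `options.SetRefreshTokenLifetime(TimeSpan.FromHours(24));`, with a comment recording why that value was chosen. The lambda this sits in (presumably the server configuration) begins outside the hunk.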
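Review bot: `ClientSecret = "fengling-api-secret"` commits a client secret to source and writes it into every database this seeder runs against, so anyone with read access to the repository holds a valid `connect/introspect` credential for the API. The rest of the setup already pulls deployment values from configuration (`configuration["OpenIddict:Issuer"]` in OpenIddictSetup.cs), so the secret belongs there too: `ClientSecret = configuration["OpenIddict:ResourceServerSecret"] ?? throw new InvalidOperationException("Resource server client secret is not configured"),` (key name illustrative), assuming an IConfiguration can be reached from this seeder — it is not visible in the hunk, and the enclosing seed method also begins outside it. Note as well that the `FindByClientIdAsync` guard means a changed secret is never applied to an existing `fengling-api` row, so rotation needs an update path or a one-time removal of the stale registration.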
@@ -309,77 +309,6 @@ namespace Fengling.AuthService.Migrations b.ToTable("AuditLogs"); }); - modelBuilder.Entity("Fengling.AuthService.Models.OAuthApplication", b => - { - b.Property("Id") - .ValueGeneratedOnAdd() - .HasColumnType("bigint"); - - NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); - - b.Property("ClientId") - .IsRequired() - .HasMaxLength(100) - .HasColumnType("character varying(100)"); - - b.Property("ClientSecret") - .HasMaxLength(200) - .HasColumnType("character varying(200)"); - - b.Property("ClientType") - .IsRequired() - .HasMaxLength(20) - .HasColumnType("character varying(20)"); - - b.Property("ConsentType") - .IsRequired() - .HasMaxLength(20) - .HasColumnType("character varying(20)"); - - b.Property("CreatedAt") - .HasColumnType("timestamp with time zone"); - - b.Property("Description") - .HasMaxLength(500) - .HasColumnType("character varying(500)"); - - b.Property("DisplayName") - .IsRequired() - .HasMaxLength(100) - .HasColumnType("character varying(100)"); - - b.PrimitiveCollection("GrantTypes") - .IsRequired() - .HasColumnType("text[]"); - - b.PrimitiveCollection("PostLogoutRedirectUris") - .IsRequired() - .HasColumnType("text[]"); - - b.PrimitiveCollection("RedirectUris") - .IsRequired() - .HasColumnType("text[]"); - - b.PrimitiveCollection("Scopes") - .IsRequired() - .HasColumnType("text[]"); - - b.Property("Status") - .IsRequired() - .HasMaxLength(20) - .HasColumnType("character varying(20)"); - - b.Property("UpdatedAt") - .HasColumnType("timestamp with time zone"); - - b.HasKey("Id"); - - b.HasIndex("ClientId") - .IsUnique(); - - b.ToTable("OAuthApplications"); - }); - modelBuilder.Entity("Fengling.AuthService.Models.Tenant", b => { b.Property("Id") @@ -423,6 +352,9 @@ namespace Fengling.AuthService.Migrations .HasMaxLength(100) .HasColumnType("character varying(100)"); + b.Property("Settings") + .HasColumnType("text"); + b.Property("Status") .IsRequired() .HasMaxLength(20)